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REMARKS 

This communication is in response to the Final Office Action of January 2, 2008. 

Claims 1-20 were rejected under 35 USC § 103(a) as being unpatentable over Tripunitara 
et al., in view of what was well known art. In response to the claim rejections Applicant has 
amended the claims to recite with greater clarity certain aspects of the claimed invention. 

New dependent claims 21-23 were added that include a limitation that there is an 
extended cache residency lifetime to support detection of spoofing attacks. As described in 
paragraph [0028], a conventional ARP cache typically has too small a residency lifetime to be 
efficiently used to detect spoofing attacks. Increasing the cache residency time improves the 
efficiency with which snooping attacks can be detected. 

The independent claims were amended to include a limitation comparable to previously 
presented claim 15 that the firewall is resident on the host computer. 

Independent claims 1, 4, and 10 were amended to clarify that the firewall checks the 
authenticity of a new address resolution submitted by said unsolicited message. 

Tripunitara does not teach or suggest the limitation of claim 1 of: "in response to 
determining that cached address resolution information for said network protocol address has an 
old address resolution which differs from said new address resolution submitted by said 
unsolicited message, said firewall issuing a request for network elements having said network 
protocol address to reply with address resolution information in order to check the authenticity of 
the unsolicited message submitting the new address resolution for the network protocol address '' 
(emphasis added). The Examiner has cited passages in columns 3 and 5 of Tripunitara ; however 
the cited passages do not disclose all of these claim limitations. In particular, Tripunitara does 
not respond to the unsolicited requested by sending out a message to check authenticity. In 
contrast, Tripunitara blocks all unsolicited ARP responses from flowing to the host computer and 
furthermore drops the unsolicited ARP response. As described in column 5, lines 40-46 "If no 
corresponding entry exists in the responded Q, in step 55 the response frame is prevented from 
flowing up the stream to the host ARP cache since it is an unsolicited ARP response." Moreover, 
Tripunitara clearly teaches dropping unsolicited responses. Figure 6, lines 26-27 states that "this 
is an unsolicited response. Drop it and log the fact." As Tripunitara clearly teaches blocking and 
then dropping unsolicited responses it cannot, in combination with the other cited art, teach or 
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suggest all of the limitations of claim 1 . For similar reasons, the other independent claims are 
also patentable as the combination of the references fails to teach or suggest all of the elements 
of the claimed invention. 

Applicant furthermore notes that Tripunitara cannot be properly combined with general 
knowledge of the prior art to uphold a prima facie case of obviousness under 35 USC 103. As 
previously pointed out, Tripunitara teaches away from checking for spoofing attacks within a 
host computer. Tripunitara instead utilizes a modified protocol stack that resides in the network 
cloud at the gate to check for spoofing attacks. However, the protocol stack does not check an 
ARP cache. Instead, it utilizes separate queues for upward and downward flowing traffic to 
differentiate requests sent by a malicious host based on IP addresses. See, e.g., column 4, lines 
57-60. For example column 5, lines 30-32 describes a "Requested Q in which ARP requests are 
remembered by recording the target IP address in the Requested Q." One of ordinary skill in the 
art would not be motivated to modify Tripunitara to be resident on a local computer in the 
manner stated by the Examiner. 

It is respectfully submitted that all of the pending claims are in condition for allowance. If 
there are any other residual formalities that need to be resolved prior to allowing the subject 
application, the Examiner is requested to contact the undersigned. 

The Commissioner is hereby authorized to charge any appropriate fees to Deposit 
Account No. 50-1283. 
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